If the config.json has entries for both gcr.io and https://gcr.io we should prune the file and remove the entry with https. If the runtime chooses the https entry it will result in the below error message.
default: Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication
The config.json order is non-deterministic because it is a map structure; Go maps do not preserve order. As a result the runtime will sometimes use gcr.io and other times use https://gcr.io. So this error can appear to be intermittent.
Note that until we have a solution in place, the manual workaround is to manually strip superfluous entries from the config.json file before you store it in your secrets.
If the
config.jsonhas entries for bothgcr.ioandhttps://gcr.iowe should prune the file and remove the entry withhttps. If the runtime chooses thehttpsentry it will result in the below error message.The
config.jsonorder is non-deterministic because it is a map structure; Go maps do not preserve order. As a result the runtime will sometimes usegcr.ioand other times usehttps://gcr.io. So this error can appear to be intermittent.Note that until we have a solution in place, the manual workaround is to manually strip superfluous entries from the config.json file before you store it in your secrets.